RANSOMWARE IN ANZ
Noushin Shabab, Senior Security Researcher at Global Research and Analysis Team ANZ
1 We believe that everyone – from home computer users through to large corporations and governments – should be able to protect what matters to them most. Whether it’s privacy, family, finances, customers, business success or critical infrastructure, we’ve made it our mission to secure it all.
Eugene Kaspersky, chairman and CEO, Kaspersky Lab
2 EXPERTISE
• 1/3 of our employees are R&D specialists • 325,000 new malicious files detected by Kaspersky Lab every day • 40 world-leading security experts – our elite group
Our Global Research and Analysis Team of security experts constantly explore and fight the most advanced cyberthreats.
3 OUR ROLE IN THE GLOBAL IT SECURITY COMMUNITY
We participate in joint operations and cyberthreat investigations with the Global IT security community, international organisations such as INTERPOL and Europol, law enforcement agencies and CERTs worldwide.
• We hold regular training courses for INTERPOL and Europol officers and the police forces of many countries, e.g. City of London Police • We provide expert speakers at conferences around the globe, e.g. World Economic Forum in Davos • We host the annual Kaspersky Lab Security Analyst Summit which brings together the world’s best IT security experts
4 AGENDA
• What is ransomware? • History • Classifications of ransomware • Propagation and Acceleration • Ransomware in ANZ • How to prevent ransomware? • No more ransom!
5 WHAT IS RANSOMWARE?
6 WHAT IS RANSOMWARE?
Ransomware is a type of malware that attempts to extort money from a user by infecting and taking control of the victim's machine or the files or documents stored on it.
Typically, ransomware will either lock the computer to prevent normal usage or encrypt the documents and files on it to prevent access to saved data.
7 HISTORY OF RANSOMWARE.
8 FIRST RANSOMWARE
9 NOW Multiple variants on multiple platforms causing major damage
2013 A MacOS X-specific Ransomware
2013 Start spreading via Exploit Kit
2011 Ransomware imitating Windows Product Activation
2006 Gpcode
1996 Academic paper: “Cryptovirology: Extortion-based Security Threats and Countermeasures”
1989 AIDS Trojan (also known as "PC Cyborg")
10 TYPES OF RANSOMWARE
Screen Locker
Mobile device Ransomware (Android)
Ransomware encrypting web servers
Encryption Ransomware
11 PROPAGATION AND ACCELERATION
12 PROPAGATION METHODS
• Infected websites • Malvertising • Emails • Instant Message • Social Networks
13 EMAIL WITH MS OFFICE DOCUMENT ATTACHMENT
14 TRICKS TO MAKE USERS ENABLE DOCUMENT MACROS
15 EMAIL WITH ARCHIVED EXECUTABLE
16 EXAMPLES IN AUSTRALIA AND NEW ZEALAND
17 SCAM EMAIL HEADLINES IN AUSTRALIA
18 SCAM EMAILS ON THE FEDERAL COURT
19 SCAM EMAILS ON THE ANZ POST
20 INFECTION VECTOR
• Scam emails • Compromised websites • Attackers' websites
• Malicious resources • Links injected into website • Malicious files
21 STATISTICS ON RANSOMWARE
22 RANSOMWARE IN Q3
• The overall number of cryptor modifications in our malware collection to-date is at least 26,000. 21 new cryptor families and 32,091 new modifications were detected in Q3 2016.
• In Q3 2016, 821,865 unique users were attacked by cryptors – 2.6 times more than in the previous quarter.
[Charts: Number of new cryptor samples in our collection; Number of users attacked by ransomware]
23 TOP 10 CRYPTORS Q3
24 MAP OF AUSTRALIA AND NEW ZEALAND
25 HOW TO PREVENT RANSOMWARE?
• Always Make Backups • Keep all software updated • Improve User Awareness • Use Reliable Antivirus solution • DON’T PAY THE RANSOM!
26 NO MORE RANSOM
27 NO MORE RANSOM
28 NO MORE RANSOM MOVEMENT
29 HOW CAN WE HELP?
30 KASPERSKY’S CYBER SECURITY TRAINING
• Work through typical scenarios and situations • Gain greater knowledge and understanding of potential threats and how to deal with them • Skills Assessment • Measurable education plan
31 KASPERSKY’S SYSTEM WATCHER
• If a suspicious application attempts to open a user's personal files, it makes a local protected backup copy • If the application is found to be crypto-malware, it automatically rolls back unsolicited changes to system files.
KASPERSKY’S ANTI CRYPTOR FOR FILE SERVER
• Detects encryption algorithm from endpoint to file server • Severs connection so no further encryption can occur
32 REMEMBER, DON’T PAY THE RANSOM!
33 LET’S TALK?
Kaspersky Lab HQ 39A/3 Leningradskoe Shosse Moscow, 125212, Russian Federation Tel: +7 (495) 797-8700 www.kaspersky.com